Title: honuware's Replies | WordPress.org

---

# honuware

  [  ](https://wordpress.org/support/users/honuware/)

 *   [Profile](https://wordpress.org/support/users/honuware/)
 *   [Topics Started](https://wordpress.org/support/users/honuware/topics/)
 *   [Replies Created](https://wordpress.org/support/users/honuware/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/honuware/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/honuware/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/honuware/engagements/)
 *   [Favorites](https://wordpress.org/support/users/honuware/favorites/)

 Search replies:

## Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WPS Hide Login] How to hide resetpassword url?](https://wordpress.org/support/topic/how-to-hide-resetpassword-url/)
 *  [honuware](https://wordpress.org/support/users/honuware/)
 * (@honuware)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/how-to-hide-resetpassword-url/#post-13155284)
 * [@atis10](https://wordpress.org/support/users/atis10/) search for frontend reset
   password in the plugin search box. It uses short codes on pages you specify so
   the defaults are bypassed.
 * UsersWP is another one that is more feature rich.
    -  This reply was modified 5 years, 10 months ago by [honuware](https://wordpress.org/support/users/honuware/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WPS Hide Login] How to hide resetpassword url?](https://wordpress.org/support/topic/how-to-hide-resetpassword-url/)
 *  [honuware](https://wordpress.org/support/users/honuware/)
 * (@honuware)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/how-to-hide-resetpassword-url/#post-13155206)
 * Having other users able to register, log in, and request a password reset involves
   a public exposure of some kind no matter what. That is the ultimate solve to 
   harden this process.
 * Even if you had a login in area on the front of the site, when they make a “mistake”
   the default is to go the traditional log in page, which again, defeats the purpose
   you want solved.
 * Let me think on this a bit.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WPS Hide Login] How to hide resetpassword url?](https://wordpress.org/support/topic/how-to-hide-resetpassword-url/)
 *  [honuware](https://wordpress.org/support/users/honuware/)
 * (@honuware)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/how-to-hide-resetpassword-url/#post-13150191)
 * When I said “it should redirect” that was supposed to mean redirect to **not 
   your login page** so the 404 error is a good thing since it does not expose your
   slug and disclose your URL.
 * I am using this plugin to avoid automated programs looking for wp-login.php positive
   experiences to flag my site for further malicious action. When the plugin is 
   activated, all the URLs I would try to get a positive hit either redirected to
   my chosen page in the plugin settings or gave the 404 error which I thought was
   a good thing.
 * I guess what I am trying to say is the only way someone would know your reset
   password URL thus knowing your login URL is if they knew your login URL in the
   first place so they could click on the appropriate reset password URL from that
   page.
 * Am I missing something? I am trying to work through this with you so we both 
   have a level of comfort knowing this plugin meets our needs and comfort level.
 * Thanks for your engagement on this so I better understand.
 * H
    -  This reply was modified 5 years, 10 months ago by [honuware](https://wordpress.org/support/users/honuware/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WPS Hide Login] How to hide resetpassword url?](https://wordpress.org/support/topic/how-to-hide-resetpassword-url/)
 *  [honuware](https://wordpress.org/support/users/honuware/)
 * (@honuware)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/how-to-hide-resetpassword-url/#post-13147400)
 * I just installed this plugin and I think this concern is not one to be worried
   about.
 * Before you activat the plugin, the wp-login.php page has the lost password link
   and it it will be this
 * [https://yoursite.com/wp-login.php?action=lostpassword](https://yoursite.com/wp-login.php?action=lostpassword)
 * so you had to get to the login page to do the lost password link.
 * With the plugin activated on your site, the login page is
 * [https://yoursite.com/loginhere/](https://yoursite.com/loginhere/)
 * On that page, the link to the lost password page is like you said
 * /loginhere?action=lostpassword
 * I think everything is okay since the lost password link is tied to the wp-login.
   php and your chosen slug for the login page (loginhere) replaces wp-login.php.
   If someone does not know your slug, they cannot get to the lost password page.
 * With the plugin activated, please try to go to
 * [https://yoursite.com/wp-login.php?action=lostpassword](https://yoursite.com/wp-login.php?action=lostpassword)
 * It should redirect.
 * If I am wrong, can the developer please chime in?
    -  This reply was modified 5 years, 10 months ago by [honuware](https://wordpress.org/support/users/honuware/).
      Reason: added something to try

Viewing 4 replies - 1 through 4 (of 4 total)